Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/90575

| Title: | 利用情境感知分析於變異智能合約偵測組合式去中心化金融攻擊 Detecting Compositional DeFi Attacks using Context-aware Analysis on Mutated Smart Contracts |
| Author: | 吳家謙 Chia-Chien Wu |
| Advisor: | 蕭旭君 Hsu-Chun Hsiao |
| Keywords: | DeFi Security, Price Oracle Attacks, Smart Contract Security |
| Publication Year: | 2023 |
| Degree: | Master's |
| Abstract: | Decentralized finance (DeFi) attacks have resulted in losses of more than US$3.6 billion in the past four years. Nevertheless, smart contract security tools still perform badly at detecting these vulnerabilities before attacks due to the composability of DeFi protocols. To address this problem, we present DeFiMutator, the first tool that efficiently detects DeFi compositional vulnerabilities leading to price-manipulation or reward-manipulation attacks. Inspired by the practices of human auditors, DeFiMutator first decodes protocol interactions according to common DeFi usage patterns. Then, when critical external calls are detected, the bugs are dynamically inserted into the smart contracts. Finally, false positives created by the inserted bugs are filtered using context-aware taint analysis. When applied to 19 collected past DeFi attack incidents, DeFiMutator was able to detect 68% of them, whereas a state-of-the-art tool only detected 37%. Furthermore, by analyzing seven days of transaction data, DeFiMutator discovered 197 vulnerable contracts on the Ethereum and BNB Smart Chain, with a 57% accuracy rate. |
| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/90575 |
| DOI: | 10.6342/NTU202300202 |
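| Full-text authorization: | Not authorized |
| Appears in collections: | Department of Computer Science and Information Engineering |

Files in this item:

| File | Size | Format | |
|---|---|---|---|
| ntu-111-2.pdf (not authorized for public access) | 986.02 kB | Adobe PDF | |

Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise specified.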
